Cyble Analyzes An Active Campaign Exploiting A Microsoft SmartScreen Vulnerability To Deliver Stealers Via Spam Emails. Key findings:  * Cyble Research and Intelligence Labs (CRIL) recently came across an active campaign exploiting the Microsoft SmartScreen vulnerability (CVE-2024-21412). * The ongoing campaign targets multiple regions, including Spain, the US, and Australia. …

A huge collection of passwords, containing almost ten billion unique passwords, was leaked on a popular hacking forum. The Cybernews research team warns that this leak could seriously endanger users who tend to reuse. Cybernews researchers found the biggest password collection with 9,948,575,739 unique passwords. It was posted as a …

First get together of information security professionals community (ISPC) was held at Dhaka with a festive look with the participation of 70+ professionals from different organizations at Dhaka. At get together, the attendees discussed how can ISPC be well structured for the professionals. Someone proposed to form ISPC a professional …

Mohammed Iqbal Hossain has been elected as the president of ISACA Dhaka chapter and Md. Abul Kalam Azad has been reelected as secretary. Saturday (6 July) from 4 pm to 6.30 pm, 150+ member cast their vote to elect their candidates for ISACA Dhaka chapter. This year 23 candidates fight …

A new ransomware named Eldorado appeared in March and has locker versions for VMware ESXi and Windows. The gang has claimed 16 victims, mostly in the U.S., in various sectors including real estate, education, healthcare, and manufacturing. Researchers from Group-IB observed the activity of Eldorado. They found that the operators …

French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during a period of increasing intensity in DDoS attacks. According to the cloud provider, packet rate DDoS attacks are very effective because they are harder to stop than attacks with fewer, …

The web development community was affected by a supply chain attack on the popular Polyfill.io JavaScript library last week. Polyfill.js supports modern tools on older web browsers for cross-compatibility. In February 2024, the Polyfill.io domain and GitHub account were acquired by Funnull, a Chinese CDN company. This raised concerns about …

Apache Software Foundation released Apache HTTP Server version 2.4.61 to fix a serious source code disclosure vulnerability (CVE-2024-39884). This flaw could expose sensitive server information to malicious actors. The CVE-2024-39884 vulnerability is caused by a problem in how old content-type configurations are managed. The “AddType” directive and similar settings, when …

Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings. There are two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, that can be used by attackers without authentication. They can use these vulnerabilities for remote code execution (RCE) and denial-of-service (DoS) attacks. The …

Cybersecurity experts found 28 new types of ransomware in June. These malicious programs are a big threat to individuals and businesses. Cybercriminals are improving their tactics with each new variant, making it harder to detect and stop them. Ransomware encrypts important data, making it impossible for users to access. Afterward, …